Informatics Engineering, an International Journal (IEIJ), Vol.4, No.2, June 2016
AN IMPROVED METHOD TO DETECT INTRUSION USING MACHINE LEARNING ALGORITHMS
Urvashi Modi1 and Anurag Jain2
1, 2 CSE departments, Radharaman Inst. of Tech & Science, Bhopal, India
ABSTRACT
An intrusion detection system (IDS) detects malicious behaviors and abnormal activities that might harm the security and trust of a computer system. An IDS operates at either the host or the network level, using anomaly detection or misuse detection. The main problem is to correctly detect intruder attacks against a computer network, and the key to successful intrusion detection is the choice of proper features. To resolve the problems of IDS schemes, this research work proposes "an improved method to detect intrusion using machine learning algorithms". In this paper we use the KDDCUP 99 dataset to analyze the efficiency of intrusion detection with different machine learning algorithms such as Bayes, NaiveBayes, J48, J48Graft and Random forest. For network-based IDS with the KDDCUP 99 dataset, experimental results show that the three algorithms J48, J48Graft and Random forest give much better results than the other machine learning algorithms. We use WEKA to check the accuracy of the classified dataset via our proposed method. We have considered all the parameters for computing the results, i.e. precision, recall, F-measure and ROC.
KEY WORDS: IDS, KDDCUP 99, Machine learning, WEKA, Network Security, Precision, Recall
1. INTRODUCTION
The Intrusion Detection System (IDS) has been regarded as the "silver bullet" that guarantees the safety of an organization's systems against possible attacks. In practice, however, it has not been used successfully because of the huge quantity of false alarms that it creates. For example, the well-known open source intrusion detection system Snort [1], running on a network of a few hundred machines, generates thousands of alerts daily, the bulk of which are false alarms. IDS operation frequently generates a huge quantity of results that usually flow into the organization's Security Operations Center (SOC), causing an impractically large amount of effort and lengthy work for security analysts. To overcome this difficulty, researchers usually write precise IDS rules (signatures) that capture very specific attacks and decrease the overall False Positive (FP) rate. However, this leads to a failure to detect other attacks, or other forms of the targeted attack, because of the polymorphic character of attacks, which is an effect of the human intelligence that lies behind them. Additionally, to prevent False Negatives (FN), i.e., missed detections, IDS researchers resort to merging the above methods with a more generic system, so that an action with even a remote chance of representing an attack will trigger an alert.
1.1 Intrusion Detection Systems
Cyber attacks on PCs, organizations, and governments have become everyday events which break the privacy, reliability, and accessibility of the concerned computer systems. Thus, a system must be put in place that can identify and prevent these attacks on a computer host or network. Therefore, various schemes and systems have appeared to automate this process. Different terms
DOI: 10.5121/ieij.2016.4203